CVE-2006-3693

Rocks Clusters <4.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-3693. PoCs published by Xavier de Leon.

AI-analyzed exploit summary This exploit leverages a vulnerability in Rocks Clusters <=4.1 by abusing the `umount-loop` command to execute arbitrary shell commands, leading to local privilege escalation. It creates a shell script that copies `/bin/ksh` to a writable directory, sets SUID permissions, and changes ownership to root.

Description

Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Xavier de Leon · pythonlocallinux
https://www.exploit-db.com/exploits/2015

This exploit leverages a vulnerability in Rocks Clusters <=4.1 by abusing the `umount-loop` command to execute arbitrary shell commands, leading to local privilege escalation. It creates a shell script that copies `/bin/ksh` to a writable directory, sets SUID permissions, and changes ownership to root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Rocks Clusters <=4.1
Auth required
Prerequisites: Local access to the system · Writable current directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Xavier de Leon · bashlocallinux
https://www.exploit-db.com/exploits/2016

This exploit leverages a command injection vulnerability in the 'mount-loop' utility in Rocks Clusters <=4.1. It injects a Python command to escalate privileges to root by setting UID/GID to 0 and spawning a shell.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Rocks Clusters <=4.1
No auth needed
Prerequisites: 'mount-loop' must be in the PATH · Python must be installed on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27758
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19003
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1242
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21065
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440126/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2833

Scores

EPSS 0.0093
EPSS Percentile 56.0%

Details

Status published
Products (1)
rocks_clusters/rocks_clusters < 4.1
Published Jul 21, 2006
Tracked Since Feb 18, 2026